Export limit exceeded: 341935 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341935 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66071 | 2 Tychesoftwares, Wordpress | 2 Custom Order Numbers For Woocommerce, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in tychesoftwares Custom Order Numbers for WooCommerce custom-order-numbers-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Order Numbers for WooCommerce: from n/a through <= 1.11.0. | ||||
| CVE-2025-66070 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 7.5 High |
| Missing Authorization vulnerability in Tomdever wpForo Forum wpforo allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpForo Forum: from n/a through <= 2.4.10. | ||||
| CVE-2025-66069 | 3 Themeisle, Woocommerce, Wordpress | 3 Ppom For Woocommerce, Woocommerce, Wordpress | 2026-04-01 | 4.3 Medium |
| Missing Authorization vulnerability in Themeisle PPOM for WooCommerce woocommerce-product-addon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PPOM for WooCommerce: from n/a through <= 33.0.16. | ||||
| CVE-2025-66068 | 2 Instawp, Wordpress | 2 Instawp Connect, Wordpress | 2026-04-01 | 6.5 Medium |
| Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.1.9. | ||||
| CVE-2025-66066 | 2 Envothemes, Wordpress | 2 Envo Extra, Wordpress | 2026-04-01 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EnvoThemes Envo Extra envo-extra allows Stored XSS.This issue affects Envo Extra: from n/a through <= 1.9.11. | ||||
| CVE-2025-66065 | 2 Jegstudio, Wordpress | 2 Gutenverse, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Jegstudio Gutenverse gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through <= 3.2.1. | ||||
| CVE-2025-66064 | 2 Rafflepress, Wordpress | 3 Giveaways And Contests, Giveaways And Contests By Rafflepress, Wordpress | 2026-04-01 | 5.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Syed Balkhi Giveaways and Contests by RafflePress rafflepress allows Cross Site Request Forgery.This issue affects Giveaways and Contests by RafflePress: from n/a through <= 1.12.20. | ||||
| CVE-2025-66063 | 2 Jgwhite33, Wordpress | 2 Wp Google Review Slider, Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Google Review Slider: from n/a through <= 17.4. | ||||
| CVE-2025-66062 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 3.7 Low |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Frank Goossens WP YouTube Lyte wp-youtube-lyte allows Phishing.This issue affects WP YouTube Lyte: from n/a through <= 1.7.28. | ||||
| CVE-2025-66061 | 3 Castos, Craig Hewitt, Wordpress | 3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress | 2026-04-01 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Cross Site Request Forgery.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | ||||
| CVE-2025-66060 | 3 Castos, Craig Hewitt, Wordpress | 3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | ||||
| CVE-2025-66059 | 3 Castos, Craig Hewitt, Wordpress | 3 Seriously Simple Podcasting, Seriously Simple Podcasting, Wordpress | 2026-04-01 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Craig Hewitt Seriously Simple Podcasting seriously-simple-podcasting allows Retrieve Embedded Sensitive Data.This issue affects Seriously Simple Podcasting: from n/a through <= 3.13.0. | ||||
| CVE-2025-66057 | 2 Bold-themes, Wordpress | 2 Bold Page Builder, Wordpress | 2026-04-01 | 6.3 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in boldthemes Bold Page Builder bold-page-builder allows DOM-Based XSS.This issue affects Bold Page Builder: from n/a through <= 5.5.2. | ||||
| CVE-2025-66056 | 2 Uncannyowl, Wordpress | 2 Uncanny Automator, Wordpress | 2026-04-01 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Uncanny Owl Uncanny Automator uncanny-automator allows Retrieve Embedded Sensitive Data.This issue affects Uncanny Automator: from n/a through < 6.10.0. | ||||
| CVE-2025-66055 | 2 Icegram, Wordpress | 2 Email Subscribers & Newsletters, Wordpress | 2026-04-01 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10. | ||||
| CVE-2025-66054 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-01 | 7.5 High |
| Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4. | ||||
| CVE-2025-66053 | 2 Kriesi, Wordpress | 2 Enfold, Wordpress | 2026-04-01 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kriesi Enfold enfold allows Stored XSS.This issue affects Enfold: from n/a through <= 7.1.2. | ||||
| CVE-2025-64638 | 3 Onpay.io, Woocommerce, Wordpress | 3 For Woocommerce, Woocommerce, Wordpress | 2026-04-01 | 5.3 Medium |
| Missing Authorization vulnerability in OnPay.io OnPay.io for WooCommerce onpay-io-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects OnPay.io for WooCommerce: from n/a through <= 1.0.47. | ||||
| CVE-2025-64635 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.4 Medium |
| Missing Authorization vulnerability in Syed Balkhi Feeds for YouTube feeds-for-youtube allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Feeds for YouTube: from n/a through <= 2.4.0. | ||||
| CVE-2025-64633 | 1 Wordpress | 1 Wordpress | 2026-04-01 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through <= 1.6.8. | ||||